summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2014-02-13 - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add compatDarren Tucker
code for older OpenSSL versions that don't have EVP_MD_CTX_copy_ex.
2014-02-10Import openssh_6.5p1.orig.tar.gzColin Watson
2014-02-07 - djm@cvs.openbsd.org 2014/02/06 22:21:01Damien Miller
[sshconnect.c] in ssh_create_socket(), only do the getaddrinfo for BindAddress when BindAddress is actually specified. Fixes regression in 6.5 for UsePrivilegedPort=yes; patch from Corinna Vinschen
2014-02-07 - naddy@cvs.openbsd.org 2014/02/05 20:13:25Damien Miller
[ssh-keygen.1 ssh-keygen.c] tweak synopsis: calling ssh-keygen without any arguments is fine; ok jmc@ while here, fix ordering in usage(); requested by jmc@
2014-02-06 - (djm) [sandbox-seccomp-filter.c] Not all Linux architectures defineDamien Miller
__NR_shutdown; some go via the socketcall(2) multiplexer.
2014-02-06 - (dtucker) [openbsd-compat/bsd-poll.c] Don't bother checking for non-NULLDarren Tucker
before freeing since free(NULL) is a no-op. ok djm.
2014-02-05 - (djm) [sandbox-capsicum.c] Don't fatal if Capsicum is offered byDamien Miller
headers/libc but not supported by the kernel. Patch from Loganaden Velvindron @ AfriNIC
2014-02-04 - (djm) [regress/setuid-allowed.c] Missing string.h for strerror()Damien Miller
2014-02-04 - (djm) [openbsd-compat/Makefile.in] Add missing explicit_bzero.oDamien Miller
2014-02-04 - djm@cvs.openbsd.org 2014/02/04 00:24:29Damien Miller
[ssh.c] delay lowercasing of hostname until right before hostname canonicalisation to unbreak case-sensitive matching of ssh_config; reported by Ike Devolder; ok markus@
2014-02-04 - djm@cvs.openbsd.org 2014/02/04 00:24:29Damien Miller
[ssh.c] delay lowercasing of hostname until right before hostname canonicalisation to unbreak case-sensitive matching of ssh_config; reported by Ike Devolder; ok markus@
2014-02-04 - djm@cvs.openbsd.org 2014/02/02 03:44:31Damien Miller
[digest-libc.c digest-openssl.c] convert memset of potentially-private data to explicit_bzero()
2014-02-04 - djm@cvs.openbsd.org 2014/02/03 23:28:00Damien Miller
[ssh-ecdsa.c] fix memory leak; ECDSA_SIG_new() allocates 'r' and 's' for us, unlike DSA_SIG_new. Reported by Batz Spear; ok markus@
2014-02-04 - djm@cvs.openbsd.org 2014/02/02 03:44:32Damien Miller
[auth1.c auth2-chall.c auth2-passwd.c authfile.c bufaux.c bufbn.c] [buffer.c cipher-3des1.c cipher.c clientloop.c gss-serv.c kex.c] [kexdhc.c kexdhs.c kexecdhc.c kexgexc.c kexecdhs.c kexgexs.c key.c] [monitor.c monitor_wrap.c packet.c readpass.c rsa.c serverloop.c] [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c] [ssh-keygen.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c] [sshd.c] convert memset of potentially-private data to explicit_bzero()
2014-02-04 - tedu@cvs.openbsd.org 2014/01/31 16:39:19Damien Miller
[auth2-chall.c authfd.c authfile.c bufaux.c bufec.c canohost.c] [channels.c cipher-chachapoly.c clientloop.c configure.ac hostfile.c] [kexc25519.c krl.c monitor.c sandbox-systrace.c session.c] [sftp-client.c ssh-keygen.c ssh.c sshconnect2.c sshd.c sshlogin.c] [openbsd-compat/explicit_bzero.c openbsd-compat/openbsd-compat.h] replace most bzero with explicit_bzero, except a few that cna be memset ok djm dtucker
2014-02-04 - djm@cvs.openbsd.org 2014/01/30 22:26:14Damien Miller
[sandbox-systrace.c] allow shutdown(2) syscall in sandbox - it may be called by packet_close() from portable (Id sync only; change is already in portable)
2014-02-04 - jmc@cvs.openbsd.org 2014/01/29 14:04:51Damien Miller
[sshd_config.5] document kbdinteractiveauthentication; requested From: Ross L Richardson dtucker/markus helped explain its workings;
2014-02-04 - djm@cvs.openbsd.org 2014/01/29 06:18:35Damien Miller
[Makefile.in auth.h auth2-jpake.c auth2.c jpake.c jpake.h monitor.c] [monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h] [schnorr.c schnorr.h servconf.c servconf.h ssh2.h sshconnect2.c] remove experimental, never-enabled JPAKE code; ok markus@
2014-02-04 - djm@cvs.openbsd.org 2014/01/29 00:19:26Damien Miller
[sshd.c] use kill(0, ...) instead of killpg(0, ...); on most operating systems they are equivalent, but SUSv2 describes the latter as having undefined behaviour; from portable; ok dtucker (Id sync only; change is already in portable)
2014-02-04 - jmc@cvs.openbsd.org 2014/01/28 14:13:39Damien Miller
[ssh-keyscan.1] kill some bad Pa; From: Jan Stary
2014-02-04ignore a few more regress droppingsDamien Miller
2014-02-04 - markus@cvs.openbsd.org 2014/01/27 20:13:46Damien Miller
[digest.c digest-openssl.c digest-libc.c Makefile.in] rename digest.c to digest-openssl.c and add libc variant; ok djm@
2014-02-04 - markus@cvs.openbsd.org 2014/01/27 19:18:54Damien Miller
[auth-rsa.c cipher.c ssh-agent.c sshconnect1.c sshd.c] replace openssl MD5 with our ssh_digest_*; ok djm@
2014-02-04 - markus@cvs.openbsd.org 2014/01/27 18:58:14Damien Miller
[Makefile.in digest.c digest.h hostfile.c kex.h mac.c hmac.c hmac.h] replace openssl HMAC with an implementation based on our ssh_digest_* ok and feedback djm@
2014-01-31 - (tim) [Makefile.in] build regress/setuid-allow.Tim Rice
2014-01-31 - (dtucker) [readconf.c] Include <arpa/inet.h> for the hton macros. FixesDarren Tucker
build with HP-UX's compiler. Patch from Kevin Brott.
2014-01-31 - (djm) [sandbox-seccomp-filter.c sandbox-systrace.c] Allow shutdown(2)Damien Miller
syscall from sandboxes; it may be called by packet_close.
2014-01-30 - (djm) Release openssh-6.5p1Damien Miller
2014-01-30trim entries prior to openssh-6.0p1Damien Miller
2014-01-30 - (djm) [configure.ac atomicio.c] Kludge around NetBSD offeringDamien Miller
different symbols for 'read' when various compiler flags are in use, causing atomicio.c comparisons against it to break and read/write operations to hang; ok dtucker
2014-01-30 - (djm) [configure.ac] Only check for width-specified integer typesDamien Miller
in headers that actually exist. patch from Tom G. Christensen; ok dtucker@
2014-01-29 - (djm) [configure.ac] Fix broken shell test '==' vs '='; patch fromDamien Miller
Tom G. Christensen
2014-01-28 - (tim) [regress/agent.sh regress/agent-ptrace.sh] Assign $? to a variableTim Rice
when used as an error message inside an if statement so we display the correct into. agent.sh patch from Petr Lautrbach.
2014-01-28 - (djm) [sshd.c] Use kill(0, ...) instead of killpg(0, ...); theDamien Miller
latter being specified to have undefined behaviour in SUSv3; ok dtucker
2014-01-28 - (djm) [configure.ac] Search for inet_ntop in libnsl and libresovl;Damien Miller
ok dtucker
2014-01-27 - (dtucker) [Makefile.in] Remove trailing backslash which some makeDarren Tucker
implementations (eg older Solaris) do not cope with.
2014-01-27Welcome to 2014Darren Tucker
2014-01-26 - (djm) [configure.ac] correct AC_DEFINE for previous.Damien Miller
2014-01-26 - (djm) [configure.ac sandbox-capsicum.c sandbox-rlimit.c] DisableDamien Miller
RLIMIT_NOFILE pseudo-sandbox on FreeBSD. In some configurations, libc will attempt to open additional file descriptors for crypto offload and crash if they cannot be opened.
2014-01-26 - markus@cvs.openbsd.org 2014/01/25 20:35:37Damien Miller
[kex.c] dh_need needs to be set to max(seclen, blocksize, ivlen, mac_len) ok dtucker@, noted by mancha
2014-01-26 - dtucker@cvs.openbsd.org 2014/01/25 10:12:50Damien Miller
[cipher.c cipher.h kex.c kex.h kexgexc.c] Add a special case for the DH group size for 3des-cbc, which has an effective strength much lower than the key size. This causes problems with some cryptlib implementations, which don't support group sizes larger than 4k but also don't use the largest group size it does support as specified in the RFC. Based on a patch from Petr Lautrbach at Redhat, reduced by me with input from Markus. ok djm@ markus@
2014-01-25 - (djm) [configure.ac] autoconf sets finds to 'yes' not '1', so testDamien Miller
against the correct thing.
2014-01-25 - (djm) [configure.ac] Do not attempt to use capsicum sandbox unlessDamien Miller
sys/capability.h exists and cap_rights_limit is in libc. Fixes build on FreeBSD9x which provides the header but not the libc support.
2014-01-25 - (djm) [configure.ac] Fix detection of capsicum sandbox on FreeBSDDamien Miller
2014-01-24 - (djm) [Makefile.in regress/scp-ssh-wrapper.sh regress/scp.sh] MakeDamien Miller
the scp regress test actually test the built scp rather than the one in $PATH. ok dtucker@
2014-01-23 - (dtucker) [configure.ac] NetBSD's (and FreeBSD's) strnvis is gratuitouslyDarren Tucker
incompatible with OpenBSD's despite post-dating it by more than a decade. Declare it as broken, and document FreeBSD's as the same. ok djm@
2014-01-22 - (tim) [session.c] Improve error reporting on set_id().Tim Rice
2014-01-22 - (djm) [configure.ac aclocal.m4] More tests to detect fallout fromDamien Miller
platform hardening options: include some long long int arithmatic to detect missing support functions for -ftrapv in libgcc and equivalents, actually test linking when -ftrapv is supplied and set either both -pie/-fPIE or neither. feedback and ok dtucker@
2014-01-22 - (djm) [configure.ac] Unless specifically requested, only attemptDamien Miller
to build Position Independent Executables on gcc >= 4.x; ok dtucker
2014-01-22 - (djm) [openbsd-compat/setproctitle.c] Don't fail to compile if aDamien Miller
platform that is expected to use the reuse-argv style setproctitle hack surprises us by providing a setproctitle in libc; ok dtucker